EXIN Advanced Course in Information Security Management (ISMAS)

Provided by

Enquire about this course

About the course

The Information Security Management Advanced (ISMAS) addresses organisational and managerial aspects of Information Security at the strategic level.
Following on from the EXIN Information Security Foundation, this 3½ day course prepares delegates for the EXIN Information Security Advanced Management examination.

The goal of the course is to ensure that individuals responsible for information within their department or organisation possess a practical understanding of the theory behind its protection.

Successful candidates with information responsibilities; those who plan and implement policy, Information Asset Owners and process managers, are able to consider which controls contained within ISO/IEC 27002 are required in order to mitigate identified risks, ultimately satisfying the specifications of ISO/IEC 27001.

In addition, ISMAS holders offer guidance, support and direction for fellow employees to follow. While encouragement and leadership are good practice, it is also important to have direct oversight of employee activity as it happens in order to ensure basic Information Security measures and controls are maintained.

Course Contents

Risk Assessment – Overview of analysis and evaluation techniques
Relationships – Relationships with other management processes, 3rd party suppliers / partners and customers
Information Security Framework – Identification of controls contained within ISO/IEC 27002 along with other technical standards
Policy – Development and implementation
Legal Compliance – Privacy and protection of personal information
Evaluation – Review of monitoring techniques and auditing practices

Course Format

Information Security Management Advanced (ISMAS) – 3½ Day Course / 90 minute exam

Target Audience

Information Security, Assurance & Governance Managers

IT, IT Security & IT Service Management Heads

Data Protection Managers, Records Managers

Information Risk Managers

Information Asset Owners, Information Asset Accreditors

Information Security Internal Audit Team


Start date Location / delivery
No fixed date Scotland, Glasgow

Related article

Cyber security – why bother? Most people’s perception of cyber-attacks are either of someone in a darkened room trying to take down web sites, or c...